[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#992692: general: Use https for {deb,security}.debian.org by default

On Thu, Sep 2, 2021 at 9:06 PM Ansgar wrote:

> Accessing www.debian.org will also not work on such systems (and unlike
> deb.d.o that does not even offer non-https). It's not Debian's problem.

The Tor onion services offer alternatives to the https PKI:


> Is replacing deb.d.o by a non-CDN feasible?

security.d.o mirrors were getting overwhelmed after Linux kernel
updates, which is why that switched to the Fastly CDN, so probably
not. Also, the entire point of the deb.d.o domain is that it be backed
by a CDN.

httpredir.d.o was an alternative CDN-like thing that was based on HTTP
redirects to the mirror network. It had lots of problems, but now that
we have a mirror checker and zzz-dists, perhaps it could work better.
The mirror:// method in apt has probably improved since then too.
Maybe http redirects to local mirrors could be feasible again, but it
would take a lot of work.


> As far as I know there is also at least https://cdn-aws.deb.debian.org/
> if you don't like Fastly.

And there are other CDNs that could potentially be used.



Reply to: